DETAILED ACTION
Response to Arguments
Applicants' Arguments with respect to 35 U.S.C. §112, first paragraph

• The previous rejection of claim 11 under 35 U.S.C. § 112, first paragraph, has
been withdrawn in view of the amendment.

• Applicant's arguments with respect to the rejection of claim 14 under 35 U.S.C. § 
112, first paragraph, have been fully considered and are persuasive. The rejection of claim 14 
under 35 U.S.C. § 112 has been withdrawn.

Applicants' Arguments with respect to Rejection Under 35 U.S.C. §103 
Applicant's arguments with respect to the rejection under 35 U.S.C. § 103 have been 
fully considered but they are not persuasive. 
As argued by applicants at page 13: 

(a) ...the Applicant respectfully submit that the Granted Permission Table of Bapat et al. does NOT teach or
even remotely suggest a calculation expression for a database.

(b) ... Bapat et al. does not teach or suggest evaluating a calculation expression for a plurality of records of 
a database based on at least one field of data of said database, wherein the evaluating comprises: (a) 
determining at least one value for at least one field of data stored for a first record of (b) using the at least 
one value as input to the calculation expression to evaluate the calculation expression for the first record, 
and (c) determining a first result for said calculation expression based on the evaluation of the calculation 
expression for the first record, wherein the first result effectively indicates whether to grant access to the 
first record. 



(c) ...the Examiner needs to at least show a motivation or suggestion for defining a calculation expression for a
password used in a database in order to establish a prima facie case of obviousness that supports
rejection of claim 1 under 35 U.S.C. 103(a). Instead, the Examiner has merely asserted that assigning or identifying a
password is a conventional technique (Office Action, page 5).

(d) ... the Examiner has failed to establish a prima facie case of obviousness that supports the rejection of claims
43 and 45-47 because the Examiner has failed to provide a motivation or suggestion for combining Bapat et al. and
Glasser et al. (Office Action, page 12). Instead, the Examiner has merely stated that in order to create the permission
table of Glasser et al., obviously a Graphical User Interface has to be used

Examiner respectfully disagrees. 

(a) Referring to FIG. 15A, a Granted Permissions Table is disclosed: 



[FIG. 15A: Granted Permissions Table for Table 1, with columns User Name, Object Name and Operation Type; entries labelled 1502 and 1510]



Each row of the Granted Permissions Table is defined by a meaningful combination of
variable characters or variable expression to specify a record access right for a user, wherein each
row in the Granted Permissions explicitly defines an access right of a user to a record in the
database with its Fully Distinguished Name as a key is equal to the specified Fully Distinguished
Name in the Granted Permissions Table. For example, based on the first row of the Granted
Permissions Table, a User Name = user_x has Operation Type = delete on any record that has
Object Name = object_xyz. Thus, each row expression in the Granted Permissions Table is a
calculation expression with a plurality of implied EQUAL OPERATOR, and is evaluated by the FDN
field of the record to determine the access right.

(b) Referring to FIG. 11A below, each row in the database tables includes a field
called the Fully Distinguished Name or FDN of a managed object followed by columns of data.
For example, an FDN can look like /systemid="sys1"/owner="accompany"/devicetype="router" (Col.
19, Lines 24-35).



As disclosed by Bapat, an SQL command is used to access management information in 
DBMS (Col. 25, Line 66-Col. 26, Lines 3). SQL is in the form SELECT FROM WHERE, and 
WHERE clause is used to specify a value of FDN (Col. 20, Lines 28-32), wherein FDN is used 
as the key that determines which managed objects the user is permitted to access (Col. 19, 
Lines 35-40). The Grant table is checked to see if user has specific granted items and grant 
access if the current operation matches the operation specified in the Grant table (Col. 28, Lines 
1-3). As seen, calculation expression, e.g., a row in Granted Permissions Table, is evaluated for each
of said plurality of records, e.g., FIG. 11A, based on said at least one field of data, e.g., FDN field, when said
request has been received, e.g., SQL command to access management information in DBMS,
wherein said evaluating comprises:

(a) determining at least one value for said at least one field of data stored for a first record of said plurality
of records (As disclosed by Bapat, the FDN operates as the primary key to the data stored in the
table and to determine which managed objects that a particular user is permitted to access or
modify (Col. 19, lines 36-40). As seen, FDN as value for said at least one field of data stored for a first
record of said plurality of records as in FIG. 11A is determined),

(b) using said at least one value as input to said calculation expression to evaluate said calculation
expression for said first record (As disclosed by Bapat, the Grant table is checked to see if user has
specific granted items (Col. 28, Lines 1-3). This technique implies FDN is used as input to a
particular row in Grant table as calculation expression to evaluate said calculation expression for said first
record),

(c) determining a first result for said calculation expression based on said evaluation of said calculation
expression for said first record, wherein said first result effectively indicates whether to grant access to said first
record (access is granted if a match occurred (Col. 28, Lines 1-3). As seen, granting access as a
first result is determined, wherein said first result effectively indicates whether to grant access to said first
record).

(c) In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by combining or 
modifying the teachings of the prior art to produce the claimed invention where there is some 
teaching, suggestion, or motivation to do so found either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071,
5 USPQ2d 1596 (Fed. Cir. 1988), and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 
1992). In this case, the process of assigning a password and identifying password is a 
conventional technique, which was used for security purpose, and password is a must for Bapat 
method and system in order to have a more secure database system. 

(d) In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by combining or 
modifying the teachings of the prior art to produce the claimed invention where there is some 
teaching, suggestion, or motivation to do so found either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071,
5 USPQ2d 1596 (Fed. Cir. 1988), and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir.
1992). As disclosed by Bapat, the system administrator 302 creates the permissions tables prior
to use of the DBMS 280 by end users. The system administrator 302 invokes a call 440 to the
Create_Permissions_Tables 442 procedure of the DBMS 280 (Bapat, Col. 26, lines 18- 
27). As seen, in order to create the permission table by the Create_Permissions_Tables 
procedure, obviously, a Graphical User interface as disclosed by Glasser has to be used to enter 
the user name, FDN and access control code. 

In view of the above, the examiner contends that all limitations as recited in the claims 
have been addressed in this Action. 

Duplicate Claims, Warning 
Applicant is advised that should claim 11 be found allowable, claims 53, 54 will be
objected to under 37 CFR 1.75 as being a substantial duplicate thereof. When two claims in an 
application are duplicates or else are so close in content that they both cover the same thing, 
despite a slight difference in wording, it is proper after allowing one claim to object to the other 
as being a substantial duplicate of the allowed claim. See MPEP § 706.03(k). 

Claim Objections 

Claims 51 and 53 are objected to because of the following informalities: 

• Claim 51 cannot be a dependence of claim 1 (claim 1 has been canceled, claim
11 is respectfully suggested)

• said calculation expression as in claim 53 (said expression is respectfully suggested). 

Appropriate correction is required. 



Application/Control Number: 09/771,143 
Art Unit: 2168 






Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 11-15, 38-43, 45-47, 53-58, especially claims 11, 38, 43 and 53, are rejected 
under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject 
matter. 

The method, system and program of claims 11, 38, 43 and 53 do not produce a tangible
and useful result as set forth in MPEP 2106 (IV)(B)(2)(b)(ii) [1].

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 



[1] MPEP 2106(IV)(B)(2)(b)(ii):

For such subject matter to be statutory, the claimed process must be limited to a practical
application of the abstract idea or mathematical algorithm in the technological arts. See
Alappat, 33 F.3d at 1543, 31 USPQ2d at 1556-57 (quoting Diamond v. Diehr, 450
U.S. at 192, 209 USPQ at 10). See also Alappat, 33 F.3d at 1569, 31 USPQ2d at
1578-79 (Newman, J., concurring) ("unpatentability of the principle does not defeat
patentability of its practical applications") (citing O'Reilly v. Morse, 56 U.S. (15 How.)
at 114-19). A claim is limited to a practical application when the method, as claimed,
produces a concrete, tangible and useful result; i.e., the method recites a step or act of
producing something that is concrete, tangible and useful. See AT&T, 172 F.3d at 1358,
50 USPQ2d at 1452. Likewise, a machine claim is statutory when the machine, as
claimed, produces a concrete, tangible and useful result (as in State Street, 149 F.3d at
1373, 47 USPQ2d at 1601) and/or when a specific machine is being claimed (as in
Alappat, 33 F.3d at 1544, 31 USPQ2d at 1557 (en banc)). For example, a
computer process that simply calculates a mathematical algorithm that models noise is
nonstatutory. However, a claimed process for digitally filtering noise employing the
mathematical algorithm is statutory.

Claim 11, 38, 43 and 56 are rejected under 35 U.S.C. 112, first paragraph, as failing
to comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. 

As in claims 11, 38 and 43, the Clause using said at least one value as input to said calculation 
expression to evaluate said calculation expression for said first record was not described in the 
specification. 

As in claim 56, the Clause determining of whether to grant access to said first record determines to 
grant access to said first record, but said determining of whether to grant access to said second record determines not to 
grant access to said second record was not described in the specification. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 11, 38 and 43 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claims 11, 38 and 43 are rejected under 35 U.S.C. 112, second paragraph, as being
incomplete for omitting essential steps, such omission amounting to a gap between the steps.
See MPEP § 2172.01 (As recited in claim 11, a request is received to perform at least one
operation on a plurality of records, and evaluating calculation expression for each of said
plurality of records. However, evaluating as recited from lines 23-29 is performed only for a first
record. The omitted step is identifying and evaluating the next records as disclosed at FIG. 10).

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 53-58 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Osentoski et al. [USP 6,763,344 B1]. 

Regarding claim 53, Osentoski teaches a method for controlling access to individual records
stored in a database (Abstract). The method comprising:

defining an expression (As shown in TABLE I at Col. 2, a user profile is defined by set of
"Type Of Data", "Protect_Cd" and "Access" data as an expression) that can be evaluated for each of a
plurality of records stored in a database (Col. 4, Lines 16-24), wherein said plurality of records of said
database includes a first record and a second record (Col. 2, Lines 19-20) and

evaluating said expression for said first record of said plurality of records of said database (Col. 4,
Lines 16-24),

determining, based on said evaluating of said expression for said first record, whether to grant access to
said first record of said plurality of records of said database (Col. 4, Lines 21-24).

Regarding claim 54, Osentoski teaches all of the claimed subject matter as discussed
above with respect to claim 53, Osentoski further discloses expression is defined based on at least one
field of data stored for said first and second record (TABLE III, Col. 3), and wherein said evaluating of said
expression for said first record comprises:

retrieving a first value stored in said first record for said at least one field (Col. 4, Lines 21-24, 
"Protect Code" as a first value stored in said first record for said at least one field is retrieved); 

evaluating said expression for said first record based on said first value provided as input to said 
expression (Col. 4, Lines 21-24); and 

determining a first result based on said evaluating of said expression for said first record, wherein said 
first result effectively indicates whether to grant access to said first record (Col. 4, Lines 21-24). 

Regarding claim 55, Osentoski teaches all of the claimed subject matter as discussed above
with respect to claim 54, Osentoski further discloses the step of evaluating said expression for said second record
of said plurality of records of said database; and determining, based on said evaluating of said calculation expression for said
second record, whether to grant access to said second record of said plurality of records of said database (Col. 4, Lines 21-24).

Regarding claim 56, Osentoski teaches all of the claimed subject matter as discussed above with
respect to claim 55, Osentoski further discloses determining of whether to grant access to said first record determines
to grant access to said first record, but said determining of whether to grant access to said second record determines not to grant
access to said second record (Col. 4, Lines 21-24).

Regarding claim 57, Osentoski teaches all of the claimed subject matter as discussed above with
respect to claim 51, Osentoski further discloses expression is defined based on data stored in said database (Col. 2,
Lines 36-61).

Regarding claim 58, Osentoski teaches all of the claimed subject matter as discussed above with
respect to claim 51, Osentoski further discloses expression is defined based on one or more of the following: a field of
data stored in said database; a state variable of said database; and data stored or referenced by said database (USER
PROFILE as expression is defined based on ACCESS as a state variable of said database)

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of the
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various
claims was commonly owned at the time any inventions covered therein were made absent any
evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out
the inventor and invention dates of each claim that was not commonly owned at the time a later
invention was made in order for the examiner to consider the applicability of 35 U.S.C. 103(c)
and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 103(a).

Claims 11-15, 38-42, 51 and 52 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Bapat et al. [USP 6,236,996 B1] in view of Elmasri et al. [Fundamentals 
of Database System]. 



Regarding claims 11 and 38, Bapat teaches a method and program for controlling
managed objects. The method comprising:

defining a calculation expression, wherein said calculation expression is a variable expression defined
based on at least one field of data used in a plurality of records stored in said database (As shown in FIG. 14,
tables 310 and 320 as in FIG. 11A are stored in a conventional DBMS 280 (Col. 25, lines 49-
50). Rows 311, 312, 321, 322 of the tables 310, 320 contain management information for
managed objects (Col. 25, lines 60-61). The FDN operates as the primary key to the data stored
in the table and to determine which managed objects that a particular user is permitted to
access or modify (Col. 19, lines 36-40). Access control for a particular user on a particular
managed object is defined by a permissions table as shown below (Col. 26, lines 10-12).



[FIG. 15A: Granted Permissions Table for Table 1, with columns User Name, Object Name and Operation Type; entries labelled 1502 and 1510]



A permission entry 1502 is a tuple having three fields, user name, object name, and
operation type. The object name, preferably, is the FDN or Full Distinguish Name for a managed
object (Col. 26, Lines 28-33). Referring to FIG. 11A as shown below, each row in the database
tables includes a field called the Fully Distinguished Name or FDN of a managed object followed
by columns of data. For example, an FDN can look like /systemid="sys1"/owner="accompany"/devicetype="router"
(Col. 19, Lines 24-35).

FDN | Data 1 | ... | Data N

As seen, each row of the Granted Permissions Table is defined by a meaningful 
combination of variable characters or variable expression to specify a record access right for a 
user, wherein each row in the Granted Permissions explicitly defines an access right of a user to 
a record in the database with its Fully Distinguished Name as a key is equal to the specified 
Fully Distinguished Name in the Granted Permissions Table. For example, based on the first 
row of the Granted Permissions Table, a User Name = user_x has Operation Type = delete on 
any record that has Object Name = object_xyz. Thus, each row expression in the Granted 
Permissions Table is a calculation expression with a plurality of implied EQUAL OPERATOR, and 
is evaluated by the FDN field of the record to determine the access right) and 

calculation expression can be evaluated at least partly based on said at least one field of data used in
said plurality of records (Col. 28, Lines 1-3, the Grant table is checked to see if user has specific
granted items, e.g., FDN, and as discussed above, FDN is at least one field of data used in said
plurality of records of FIG. 11A),

wherein said at least one field of data is a variable which may have different values for each of said
plurality of records (FIG. 10, tables 310 and 320, FDN field is a variable which may have different values
for each of said plurality of records),

thereby allowing access to each individual record of said plurality of record to be selectively controlled 
based on at least one value of said at least one field of data stored for each of said plurality of records of said 
database (Col. 20, Lines 7-32, SELECT*, FROM view_table1_max WHERE FDN = "a/b/c", by 
using SELECT*, if FDN is matched with FDN in Grant table, the other fields as in tables 310 and 
320 will be accessed, wherein the record is selectively controlled by FDN) and 
wherein expression defines access privileges of said one or more users with respect to at least one
operation that may be requested to be performed by said one or more users on said plurality of records of said 
database (FIG. 15 A and B). 

When a user 300 issues an SQL command to access the DBMS 280 (Col. 22, lines 24-
26, Col. 25, lines 65-67) for the status of all routers in the network or for information about a
specified list of managed objects (Col. 28, lines 27-30) with an operation as specified in FIG.
15A as receiving a request to perform said at least one operation on said plurality of records of said database,
said request being identified as a request made by said one or more users associated with user name.

Access Control is enforced by evaluating user name, object name and operation type as
said calculation expression for said each of said plurality of records, based on said at least one field of data,
e.g., FDN field, when said request has been received, e.g., SQL command to access management
information in DBMS,

wherein said evaluating comprises: 

(a) determining at least one value for said at least one field of data stored for a first record of said
plurality of records (As disclosed by Bapat, the FDN operates as the primary key to the data stored
in the table and to determine which managed objects that a particular user is permitted to
access or modify (Col. 19, lines 36-40). As seen, FDN as value for said at least one field of data stored
for a first record of said plurality of records as in FIG. 11A is determined),

(b) using said at least one value as input to said calculation expression to evaluate said calculation
expression for said first record (As disclosed by Bapat, the Grant table is checked to see if user has
specific granted items (Col. 28, Lines 1-3). This technique implies FDN is used as input to a
particular row in Grant table as calculation expression to evaluate said calculation expression for said first
record),

(c) determining a first result for said calculation expression based on said evaluation of said calculation
expression for said first record, wherein said first result effectively indicates whether to grant access to said first
record (access is granted if a match occurred (Col. 28, Lines 1-3). As seen, granting access as a
first result is determined, wherein said first result effectively indicates whether to grant access to said first
record).

What is missing from the Bapat technique is the step of identifying a password that is associated with one or
more users of said database.

Elmasri teaches a method of protecting access to a database system by identifying a
password that is associated with one or more users of said database (Elmasri, page 718).

By using a password to identify a user as taught by Elmasri, the database system is
secured and data is protected from misuse and against intruders.

Regarding claims 12 and 39, Bapat and Elmasri, in combination, teach all of the
claimed subject matter as discussed above with respect to claims 11 and 38, Bapat further
discloses at least one operation can be a browse, an edit, or a delete operation (FIG. 15A and B).

Regarding claims 13 and 40, Bapat and Elmasri, in combination, teach all of the claimed
subject matter as discussed above with respect to claims 11 and 38, Bapat further discloses
calculation expression is not explicitly defined for said at least one operation but said calculation expression is
one that has been defined for another operation which has been considered as a related operation to said at least
one operation (FIG. 15A).

Regarding claims 14 and 41, Bapat and Elmasri, in combination, teach all of the claimed
subject matter as discussed above with respect to claims 11 and 38, Bapat further discloses said
calculation expression can be evaluated at least partly based on at least one state variable of said database,
wherein said state variable can indicate the condition of an element of said database at a particular time (As
further disclosed by Bapat at Col. 26, Lines 55-57 and 60-63, by convention, the permissions
tables use a special object name value, such as a database NULL value to represent "all
objects". For a system with 5,000 managed objects, only one entry is required (Col. 27, Lines
30-36). GRANT TABLE: (U1, NULL, Op1). Thus, by using NULL variable, the calculation
expression (U1, NULL, Op1) can be evaluated based on a state variable of a database, e.g., NULL indicates
5,000 records, and the number of record is the condition of database at that particular time,
because the number of records in the database can be changed over time, e.g., by deleting or
inserting).
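
An added illustration, not part of the Office Action and not Bapat's implementation: the per-record evaluation described above, in which each (user name, object name, operation type) row is matched against a record's FDN with implied equality, a NULL object name stands for "all objects", and the absence of a matching row means denial. Table names, column names and the sample rows are constructed assumptions.

```python
import sqlite3

def build_db():
    """Constructed sample data modelled on the description of FIG. 11A / FIG. 15A."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE table1 (fdn TEXT PRIMARY KEY, data1 TEXT);
        CREATE TABLE granted_permissions (
            user_name      TEXT NOT NULL,
            object_name    TEXT,          -- NULL is the "all objects" convention
            operation_type TEXT NOT NULL
        );
    """)
    db.executemany("INSERT INTO table1 VALUES (?, ?)", [
        ("/systemid=sys1/devicetype=router", "up"),
        ("/systemid=sys2/devicetype=router", "down"),
        ("/systemid=sys3/devicetype=switch", "up"),
    ])
    db.executemany("INSERT INTO granted_permissions VALUES (?, ?, ?)", [
        ("user_x", "/systemid=sys1/devicetype=router", "SELECT"),
        ("user_x", "/systemid=sys1/devicetype=router", "UPDATE"),
        ("user_y", None, "SELECT"),   # one wildcard row covers every record
    ])
    return db

def is_granted(db, user, fdn, operation):
    """Evaluate the grant rows for one record: the record's FDN is the input."""
    row = db.execute(
        """SELECT 1 FROM granted_permissions
           WHERE user_name = ? AND operation_type = ?
             -- 'object_name = NULL' is never true in SQL, so the wildcard
             -- has to be tested with IS NULL explicitly.
             AND (object_name = ? OR object_name IS NULL)
           LIMIT 1""",
        (user, operation, fdn),
    ).fetchone()
    return row is not None        # no matching row means access is denied

def evaluate_request(db, user, operation):
    """Return {fdn: granted?} for every record the request touches."""
    fdns = [r[0] for r in db.execute("SELECT fdn FROM table1 ORDER BY fdn").fetchall()]
    return {fdn: is_granted(db, user, fdn, operation) for fdn in fdns}

def visible_rows(db, user):
    """The same check pushed into one query: only permitted records come back."""
    return db.execute(
        """SELECT t.fdn, t.data1 FROM table1 t
           WHERE EXISTS (SELECT 1 FROM granted_permissions g
                         WHERE g.user_name = ?
                           AND g.operation_type = 'SELECT'
                           AND (g.object_name = t.fdn OR g.object_name IS NULL))
           ORDER BY t.fdn""",
        (user,),
    ).fetchall()

if __name__ == "__main__":
    db = build_db()
    for user in ("user_x", "user_y", "user_z"):
        print(user, evaluate_request(db, user, "SELECT"))
    # The wildcard row tracks the table's current contents: a record inserted
    # later is covered without any new grant row.
    db.execute("INSERT INTO table1 VALUES ('/systemid=sys4/devicetype=router', 'up')")
    print(len(visible_rows(db, "user_y")))
```
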

Regarding claims 15 and 42, Bapat and Elmasri, in combination, teach all of the claimed
subject matter as discussed above with respect to claims 14 and 38, Bapat further discloses the
step of granting temporary or limited access to said at least one record to allow said evaluating of said
calculation expression (FIG. 15A).

Regarding claim 51, Bapat and Elmasri, in combination, teach all of the claimed subject
matter as discussed above with respect to claim 11, Bapat further discloses evaluation can return
at least two possible values for each of said plurality of records, one of said possible values indicating that said at
least one operation should be granted and another one of said possible values indicating that said at least one
operation should be denied (Col. 27, line 45-Col. 28, line 26).

Regarding claim 52, Bapat and Elmasri, in combination, teach all of the claimed subject
matter as discussed above with respect to claim 51, Bapat further discloses the step of granting
said at least one operation to be performed when said evaluation returns one said possible value to indicate that
said at least one operation should be granted; and denying said at least one operation to be performed when said
evaluation returns said another possible value to indicate that said at least one operation should be denied (Col.
27, line 45-Col. 28, line 26).

Claims 43 and 45-47 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Bapat et al. [USP 6,236,996 B1] in view of Glasser et al. [USP 6,308,173 B1].



Regarding claim 43, Bapat teaches a database system comprising: 

a database including a plurality of records stored therein (Col. 25, Lines 49-50 and 55-59); 
a database program that can access said database and can be used as an interface to said database (Col. 
7, Lines 45-67), 

wherein said database program can be used to: 

define a calculation expression for controlling access to said plurality records in said databases, 
wherein said calculation expression is a variable expression defined based on at least one field of data used in a
plurality of records stored in said database (As shown in FIG. 14, tables 310 and 320 as in FIG. 11A 
are stored in a conventional DBMS 280 (Col. 25, lines 49-50). Rows 311, 312, 321, 322 of the 
tables 310, 320 contain management information for managed objects (Col. 25, lines 60-61). 
The FDN operates as the primary key to the data stored in the table and to determine which 
managed objects that a particular user is permitted to access or modify (Col. 19, lines 36-40). 
Access control for a particular user on a particular managed object is defined by a permissions 
table as shown below (Col. 26, lines 10-12). 



[FIG. 15A: Granted Permissions Table for Table 1, with columns User Name, Object Name and Operation Type; entries labelled 1502 and 1510]



A permission entry 1502 is a tuple having three fields, user name, object name, and
operation type. The object name, preferably, is the FDN or Full Distinguish Name for a managed
object (Col. 26, Lines 28-33). Referring to FIG. 11A as shown below, each row in the database
tables includes a field called the Fully Distinguished Name or FDN of a managed object followed
by columns of data. For example, an FDN can look like /systemid="sys1"/owner="accompany"/devicetype="router"
(Col. 19, Lines 24-35).

Row: FDN | Data 1 | ... | Data N

As seen, each row of the Granted Permissions Table is defined by a meaningful 
combination of variable characters or variable expression to specify a record access right for a 
user, wherein each row in the Granted Permissions Table explicitly defines an access right of a user to 
a record in the database whose Fully Distinguished Name, as a key, is equal to the specified 
Fully Distinguished Name in the Granted Permissions Table. For example, based on the first 
row of the Granted Permissions Table, a User Name = user_x has Operation Type = delete on 
any record that has Object Name = object_xyz. Thus, each row expression in the Granted 
Permissions Table is a calculation expression with a plurality of implied EQUAL OPERATORs, and is 
evaluated by the FDN field of the record to determine the access right) and 

calculation can be evaluated at least partly based on said at least one field (Col. 28, Lines 1-3, the 
Grant table is checked to see if user has specific granted items, e.g., FDN, and as discussed 
above, FDN is at least one field of data used in said plurality of records of FIG. 11A), 

wherein said at least one field of data is a variable which may have different values for each of said 
plurality of records (FIG. 10, tables 310 and 320, FDN field is a variable which may have different values 
for each of said plurality of records), 

thereby allowing access to said plurality of records to be selectively determined based on said calculation 
expression (Col. 20, Lines 7-32, SELECT*, FROM view_table1_max WHERE FDN = "a/b/c", by 
using SELECT*, if FDN is matched with FDN in Grant table, the other fields as in tables 310 and 
320 will be accessed, wherein the record is selectively controlled by FDN) and 
wherein said database program is further capable of: 

receiving a request to perform at least one operation on said plurality of records in said 
database (Col. 20, Lines 23-31); 

evaluating user name, object name and operation type as said calculation expression 

for said each of said plurality of records, based on said at least one field of data, e.g., FDN field, when 

said request has been received, e.g., SQL command to access management information in 
DBMS, 

wherein said evaluating comprises: 

(a) determining at least one value for said at least one field of data stored for a first record of said 
plurality of records (As disclosed by Bapat, the FDN operates as the primary key to the 
data stored in the table and to determine which managed objects that a particular user is 
permitted to access or modify (Col. 19, lines 36-40). As seen, FDN as value for said at least 
one field of data stored for a first record of said plurality of records as in FIG. 11A is determined), 

(b) using said at least one value as input to said calculation expression to evaluate said calculation 

expression for said first record (As disclosed by Bapat, the Grant table is checked to see if 
user has specific granted items (Col. 28, Lines 1-3). This technique implies FDN is used 

as input to a particular row in Grant table as calculation expression to evaluate said calculation 
expression for said first record), 

(c) determining a first result for said calculation expression based on said evaluation of said calculation 
expression for said first record, wherein said first result effectively indicates whether to grant access to 

said first record (access is granted if a match occurred (Col. 28, Lines 1-3). As seen, 

granting access as a first result is determined, wherein said first result effectively indicates whether 
to grant access to said first record). 

Bapat does not explicitly teach that a Graphical User Interface is included to define the expression. 
However, as disclosed by Bapat, the system administrator 302 creates the permissions 
tables prior to use of the DBMS 280 by end users. The system administrator 302 invokes a call 
440 to the Create Permissions Tables 442 procedure of the DBMS 280 (Bapat, Col. 26, lines 18- 
27). As seen, in order to create the permission table by the Create Permissions Tables procedure, 
obviously, a Graphical User Interface has to be used to enter the user name, FDN and access 
control code as discussed above. 

Glasser teaches a Graphical User Interface for defining access control expression 
(Glasser, FIG. 6B). 

Therefore, it would have been obvious for one of ordinary skill in the art at the time the 
invention was made to include a Graphical User Interface as taught by Glasser in order to have 
a friendly system to define access right for a user. 

Regarding claim 45, Bapat and Glasser, in combination, teach all of the claimed subject 
matter as discussed above with respect to claim 43, Bapat further discloses at least one operation 

can be a browse, an edit, or a delete operation (FIG. 15A and B). 

Regarding claim 46, Bapat and Glasser, in combination, teach all of the claimed subject 
matter as discussed above with respect to claim 43, Bapat further discloses calculation expression 
is not explicitly defined for said at least one operation but said calculation expression is one that has been defined 
for another operation which has been considered as a related operation to said at least one operation (FIG. 
15A). 

Regarding claim 47, Bapat and Glasser, in combination, teach all of the claimed subject 
matter as discussed above with respect to claim 43, Bapat further discloses said calculation 
expression can be evaluated at least partly based on at least one state variable of said database (Col. 26, lines 
28-33). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant 
is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to HUNG Q. PHAM whose telephone number is 571-272-4040. The 
examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, TIM T. VO can be reached on 571-272-3642. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 